[Freeswitch-users] Gateway Authentication

Chad Vogel cvogel at lyonl.com
Tue Sep 27 20:30:34 MSD 2011


I was able to get it to work by hardcoding the Via rport to 5060 in sofia - our upstream provider uses a Checkpoint firewall in their network that is changing the source port, which made Level3 respond on the wrong port... I don't like this fix but it works. I really wish there was an option in FS to enable this, because the RFC for SIP requires the receiver respond on the port they receive the UDP message on if rport in the Via header isn't set.

On Sep 27, 2011, at 11:02 AM, Michael Collins wrote:

Were you able to get this working? If not, get a console debug log with a siptrace and drop it on pastebin.freeswitch.org. Be sure to use "FreeSWITCH Log" as the syntax highlighting.

At fs_cli you need to do:

console loglevel debug
sofia global siptrace on

That will turn on all the debug stuff you need. From there make the call attempt and capture the output, then drop on pastebin. Give us the pb URL in this thread.

Thanks,
MC

On Tue, Sep 20, 2011 at 9:34 AM, Chad Vogel <cvogel at lyonl.com> wrote:
Hello, I'm trying to make the move from Asterisk, but I'm running into some difficulties. I'm trying to bridge a call using our gateway, however it doesn't work. In Wireshark I can see I'm getting an SIP 401 Unauthorized error with a WWW-Authenticate header after FS sends the INVITE message to the gateway. However, FS doesn't seem to respond to the request for authentication. Asterisk responds correctly, however I can't seem to make FS do the same. Any help would be appreciated.


INVITE sip:+15618911806@4.55.35.60:5070 SIP/2.0
Via: SIP/2.0/UDP 207.67.30.226;rport;branch=z9hG4bKB49SZQHrgaaKc
Max-Forwards: 8
From: "LyonL" <sip:+14142211800@207.67.30.226:5060>;tag=eZe8gcQgXXv5c
To: <sip:+15618911806@4.55.35.60:5070>
Call-ID: 4f8edae0-5e45-122f-6399-07d4dbeff43f
CSeq: 17931324 INVITE
Contact: <sip:1-F2la9@207.67.30.226:5060;transport=udp;gw=level3>
User-Agent: FreeSWITCH
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY
Supported: timer, precondition, path, replaces
Allow-Events: talk, hold, refer
Content-Type: application/sdp
Content-Disposition: session
Content-Length: 227
X-FS-Support: update_display
Remote-Party-ID: "LyonL" <sip:+14142211800@207.67.30.226:5060>;party=calling;screen=yes;privacy=off

v=0
o=FreeSWITCH 1316516832 1316516833 IN IP4 10.126.200.6
s=FreeSWITCH
c=IN IP4 10.126.200.6
t=0 0
m=audio 17944 RTP/AVP 0 8 18 101 13
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20


SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 207.67.30.226;received=207.67.30.226;branch=z9hG4bKB49SZQHrgaaKc;rport=42534
From: "LyonL" <sip:+14142211800@207.67.30.226:5060>;tag=eZe8gcQgXXv5c
To: <sip:+15618911806@4.55.35.60:5070>;tag=SD6soqf99-1367649635-1316534779161
Call-ID: 4f8edae0-5e45-122f-6399-07d4dbeff43f
CSeq: 17931324 INVITE
WWW-Authenticate: DIGEST qop="auth",nonce="BroadWorksXgst2td09Tbihi2qBW",algorithm=MD5,realm="BroadWorks"
Content-Length: 0

  <include>
    <extension name="4142211800">
      <condition field="destination_number" expression="^(\+?1)?(4142211800)$">
        <action application="set" data="effective_caller_id_name=LyonL"/>
        <action application="set" data="effective_caller_id_number=+14142211800"/>
        <action application="bridge" data="sofia/gateway/level3/+15618911806"/>
      </condition>
    </extension>
  </include>

<include>
  <gateway name="level3">
    <param name="apply-inbound-acl" value="level3"/>
    <param name="username" value="1-F2la9"/>
    <param name="password" value="password"/>
    <param name="realm" value="BroadWorks"/>
    <param name="proxy" value="4.55.35.60:5070"/>
    <param name="from-domain" value="207.67.30.226:5060"/>
    <param name="dtmf-type" value="rfc2833"/>
    <param name="extension-in-contact" value="true"/>
    <param name="caller-id-in-from" value="true"/>
    <param name="register" value="false"/>
  </gateway>
</include>

<profile name="external">
  <!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
  <!-- This profile is only for outbound registrations to providers -->
  <gateways>
    <X-PRE-PROCESS cmd="include" data="external/*.xml"/>
  </gateways>

  <aliases>
    <!--
    <alias name="outbound"/>
    <alias name="nat"/>
    -->
  </aliases>

  <domains>
    <domain name="all" alias="false" parse="true"/>
  </domains>

  <settings>
    <param name="debug" value="0"/>
<!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
<!-- <param name="shutdown-on-fail" value="true"/> -->
    <param name="sip-trace" value="no"/>
    <param name="sip-capture" value="no"/>
    <param name="rfc2833-pt" value="101"/>
    <param name="sip-port" value="$${external_sip_port}"/>
    <param name="dialplan" value="XML"/>
    <param name="context" value="public"/>
    <param name="dtmf-duration" value="2000"/>
    <param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
    <param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
    <param name="hold-music" value="$${hold_music}"/>
    <param name="rtp-timer-name" value="soft"/>
    <!--<param name="enable-100rel" value="true"/>-->
    <!--<param name="disable-srv503" value="true"/>-->
    <!-- This could be set to "passive" -->
    <param name="local-network-acl" value="localnet.auto"/>
    <param name="manage-presence" value="false"/>

    <!-- used to share presence info across sofia profiles
manage-presence needs to be set to passive on this profile
if you want it to behave as if it were the internal profile
for presence.
    -->
    <!-- Name of the db to use for this profile -->
    <!--<param name="dbname" value="share_presence"/>-->
    <!--<param name="presence-hosts" value="$${domain}"/>-->
    <!--<param name="force-register-domain" value="$${domain}"/>-->
    <!--all inbound reg will stored in the db using this domain -->
    <!--<param name="force-register-db-domain" value="$${domain}"/>-->
    <!-- ************************************************* -->

    <!--<param name="aggressive-nat-detection" value="true"/>-->
    <param name="inbound-codec-negotiation" value="generous"/>
    <param name="nonce-ttl" value="60"/>
    <param name="auth-calls" value="false"/>
    <!--<param name="challenge-realm" value="auto_from"/>-->
    <param name="user-agent-string" value="FreeSWITCH"/>
    <!--
DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
    -->
    <param name="rtp-ip" value="$${local_ip_v4}"/>
    <param name="sip-ip" value="$${local_ip_v4}"/>
    <param name="ext-rtp-ip" value="auto-nat"/>
    <param name="ext-sip-ip" value="$${external_sip_ip}"/>
    <param name="rtp-timeout-sec" value="300"/>
    <param name="rtp-hold-timeout-sec" value="1800"/>
    <!--<param name="enable-3pcc" value="true"/>-->

    <!-- TLS: disabled by default, set to "true" to enable -->
    <param name="tls" value="$${external_ssl_enable}"/>
    <!-- additional bind parameters for TLS -->
    <param name="tls-bind-params" value="transport=tls"/>
    <!-- Port to listen on for TLS requests. (5081 will be used if unspecified) -->
    <param name="tls-sip-port" value="$${external_tls_port}"/>
    <!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
    <param name="tls-cert-dir" value="$${external_ssl_dir}"/>
    <!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
    <param name="tls-version" value="$${sip_tls_version}"/>

  </settings>
</profile>



FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
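
The two Via headers in the trace above already show the source-port rewriting described in the first message: FreeSWITCH sent a bare rport with no port in sent-by (so 5060), and the 401 came back with rport=42534, which under RFC 3581 is the source port the far end saw. The following is an added example, not part of the original thread; parse_via and check_rport are illustrative names, and the two header strings are copied from the trace with the mail-client link debris removed.

```python
import re

# Constructed from the Via lines of the INVITE and the 401 in the trace above.
REQUEST_VIA = "SIP/2.0/UDP 207.67.30.226;rport;branch=z9hG4bKB49SZQHrgaaKc"
RESPONSE_VIA = ("SIP/2.0/UDP 207.67.30.226;received=207.67.30.226;"
                "branch=z9hG4bKB49SZQHrgaaKc;rport=42534")

DEFAULT_PORT = {"UDP": 5060, "TCP": 5060, "TLS": 5061}


def parse_via(value):
    """Split one Via header value into transport, sent-by host/port and params."""
    m = re.match(r"\s*SIP/2\.0/(\w+)\s+([^;\s]+)(.*)$", value)
    if not m:
        raise ValueError("not a Via header value: %r" % value)
    transport, sent_by, rest = m.group(1).upper(), m.group(2), m.group(3)
    host, _, port = sent_by.partition(":")  # IPv4 or hostname only, no IPv6 literal
    params = {}
    for item in filter(None, (p.strip() for p in rest.split(";"))):
        key, _, val = item.partition("=")
        params[key.lower()] = val or None   # a bare flag such as "rport" maps to None
    return {"transport": transport, "host": host,
            "port": int(port) if port else DEFAULT_PORT.get(transport, 5060),
            "params": params}


def check_rport(request_via, response_via):
    """Compare the address we advertised with the one the far end reports seeing."""
    req, resp = parse_via(request_via), parse_via(response_via)
    if req["params"].get("branch") != resp["params"].get("branch"):
        raise ValueError("response Via does not belong to this request")
    seen_port = resp["params"].get("rport")
    seen_port = int(seen_port) if seen_port else None
    seen_host = resp["params"].get("received") or resp["host"]
    return {
        "rport_requested": "rport" in req["params"],
        "advertised": (req["host"], req["port"]),
        "seen_by_peer": (seen_host, seen_port),
        # True when a NAT or firewall on the path changed the UDP source port
        "port_rewritten": seen_port is not None and seen_port != req["port"],
        "address_rewritten": seen_host != req["host"],
    }


if __name__ == "__main__":
    for key, val in check_rport(REQUEST_VIA, RESPONSE_VIA).items():
        print(key, "=", val)
```

Running the same comparison over every request/response pair in a siptrace capture shows whether the mapped port stays stable between transactions or changes per packet.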
